From 49324986a8c08f927c980ee02782c9ab315072a5 Mon Sep 17 00:00:00 2001 From: Jeff Handley Date: Wed, 7 Jan 2026 17:03:12 -0800 Subject: [PATCH 1/2] Document explicitly that resource files are considered trusted --- docs/core/extensions/resources.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/core/extensions/resources.md b/docs/core/extensions/resources.md index 3b8f5b3dc0f7f..7ae78a8dbcfc4 100644 --- a/docs/core/extensions/resources.md +++ b/docs/core/extensions/resources.md @@ -57,6 +57,9 @@ You can then retrieve resources for the current UI culture or for a specific cul - The class, which enables you to retrieve all the items in an XML resource file into memory. +> [!NOTE] +> In general, resource files (.resx and .resources) within .NET are considered part of the application deployment and are assumed to be trustworthy, much like configuration. Components which operate over such files are free to rely on this assumption. Developers therefore should not process untrustworthy resource files unless they're using an API explicitly documented as being safe for use with untrusted data. + ## See also - From e8e34ab9971793ba7f3e404d71eacc6d2bd842e4 Mon Sep 17 00:00:00 2001 From: Jeff Handley Date: Thu, 8 Jan 2026 13:45:10 -0800 Subject: [PATCH 2/2] Apply language feedback Co-authored-by: Genevieve Warren <24882762+gewarren@users.noreply.github.com> --- docs/core/extensions/resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/core/extensions/resources.md b/docs/core/extensions/resources.md index 7ae78a8dbcfc4..c186e14d4b9f4 100644 --- a/docs/core/extensions/resources.md +++ b/docs/core/extensions/resources.md 
@@ -58,7 +58,7 @@ You can then retrieve resources for the current UI culture or for a specific cul - The class, which enables you to retrieve all the items in an XML resource file into memory. > [!NOTE] -> In general, resource files (.resx and .resources) within .NET are considered part of the application deployment and are assumed to be trustworthy, much like configuration. Components which operate over such files are free to rely on this assumption. Developers therefore should not process untrustworthy resource files unless they're using an API explicitly documented as being safe for use with untrusted data. +> In general, resource files (.resx and .resources) within .NET are considered part of the application deployment and are assumed to be trustworthy, much like configuration. Components that operate over such files are free to rely on this assumption. You shouldn't process untrustworthy resource files unless you're using an API that's explicitly documented as being safe for use with untrusted data. ## See also
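Review bot: the last sentence of the note added in PATCH 1/2 ("unless they're using an API explicitly documented as being safe for use with untrusted data") names no such API and links nowhere, so a reader who does have to handle resource files from outside the deployment cannot act on it. Either link to the API documentation that carries that guarantee or say how such an API is marked in its reference page. The note also says components "are free to rely on this assumption" without saying what goes wrong when the assumption is violated. One clause stating the consequence would tell readers why the guidance matters and would make the comparison "much like configuration" concrete.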
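Review bot: the reworded final sentence in PATCH 2/2 still mixes "untrustworthy resource files" with "untrusted data" in the same sentence. Use one term for both (for example "untrusted resource files") so readers do not infer two different categories. The rewrite also drops "therefore", which was the only link between the trust assumption and the advice, so "You shouldn't process ..." now reads as a standalone rule. Consider restoring the link, for example "For that reason, don't process ...". The opening "In general" is carried over unchanged and leaves it unclear when the assumption does not hold. Either drop the hedge or name the exception.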